CVE - CVE-2009-0733

CVE-ID
CVE-2009-0733	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:34185 URL:http://www.securityfocus.com/bid/34185 BUGTRAQ:20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted) URL:http://www.securityfocus.com/archive/1/502018/100/0/threaded BUGTRAQ:20090320 [oCERT-2009-003] LittleCMS integer errors URL:http://www.securityfocus.com/archive/1/502031/100/0/threaded CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=487512 DEBIAN:DSA-1745 URL:http://www.debian.org/security/2009/dsa-1745 DEBIAN:DSA-1769 URL:http://www.debian.org/security/2009/dsa-1769 FEDORA:FEDORA-2009-2903 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html FEDORA:FEDORA-2009-2910 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html FEDORA:FEDORA-2009-2928 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html FEDORA:FEDORA-2009-2970 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html FEDORA:FEDORA-2009-2982 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html FEDORA:FEDORA-2009-2983 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html FEDORA:FEDORA-2009-3034 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html GENTOO:GLSA-200904-19 URL:http://security.gentoo.org/glsa/glsa-200904-19.xml MANDRIVA:MDVSA-2009:121 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:121 MANDRIVA:MDVSA-2009:137 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:137 MANDRIVA:MDVSA-2009:162 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:162 MISC:http://scary.beasts.org/security/CESA-2009-003.html MISC:http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html MISC:http://www.ocert.org/advisories/ocert-2009-003.html OVAL:oval:org.mitre.oval:def:9742 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742 REDHAT:RHSA-2009:0339 URL:http://www.redhat.com/support/errata/RHSA-2009-0339.html REDHAT:RHSA-2009:0377 URL:https://rhn.redhat.com/errata/RHSA-2009-0377.html SECTRACK:1021869 URL:http://www.securitytracker.com/id?1021869 SECUNIA:34367 URL:http://secunia.com/advisories/34367 SECUNIA:34382 URL:http://secunia.com/advisories/34382 SECUNIA:34400 URL:http://secunia.com/advisories/34400 SECUNIA:34408 URL:http://secunia.com/advisories/34408 SECUNIA:34418 URL:http://secunia.com/advisories/34418 SECUNIA:34442 URL:http://secunia.com/advisories/34442 SECUNIA:34450 URL:http://secunia.com/advisories/34450 SECUNIA:34454 URL:http://secunia.com/advisories/34454 SECUNIA:34463 URL:http://secunia.com/advisories/34463 SECUNIA:34632 URL:http://secunia.com/advisories/34632 SECUNIA:34675 URL:http://secunia.com/advisories/34675 SECUNIA:34782 URL:http://secunia.com/advisories/34782 SLACKWARE:SSA:2009-083-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438 SUSE:SUSE-SR:2009:007 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html UBUNTU:USN-744-1 URL:http://www.ubuntu.com/usn/USN-744-1 VUPEN:ADV-2009-0775 URL:http://www.vupen.com/english/advisories/2009/0775 XF:littlecms-readsetofcurves-bo(49330) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/49330
Assigning CNA
MITRE Corporation
Date Record Created
20090225	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20090225)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)